FOURLIS S A : Information about the Protection of Personal Data
11/27/2020 | 09:27am EST
INFORMATION ON THE PROCESSING OF PERSONAL DATA
FOR THE SHAREHOLDERS OF "FOURLIS HOLDINGS S.A."
PROVISION OF INFORMATION TO DATA SUBJECTS
"FOURLIS HOLDINGS S.A." (hereinafter referred to as the "Company"), in its capacity as data controller, in accordance with the Regulation (EU) 2016/679 (GDPR), L. 4624/2019 and the other provisions of the Greek and European legislation on the protection of personal data, informs the natural person in her/his capacity as shareholder of the Company, former shareholders and/or persons with a voting right and/or their representatives, as well as others exercising the voting right by representing legal entities (hereinafter referred to as "Shareholder"), that the Company itself as an issuer or third parties acting on its instructions and on its behalf, will process personal data relating to her/him, in the context of her/his capacity as the Company shareholder, in the way described as below.
Ι. What kind of data do we collect?
Identification data, such as: name and surname, father's name, identity card number or passport number or other equivalent document, tax identification number, profession, citizenship, and other demographic data.
Contact information such as: postal and e-mail address, fixed and/or mobile telephone number, etc.
Number and type of shares.
Investor Share Code Number in the Dematerialized Securities System (DSS).
Investor Securities Account Number in the Dematerialized Securities System (DSS).
Data relating to the capacity under which the Shareholder participates to the General Meeting and the relevant supporting documentation.
Correspondence and communication data.
Data relating to the participation and the exercise of the voting right of the Shareholder in the General Meeting
ΙΙ. Where do we collect your data from?
The Company collects the aforementioned personal data either directly from the Shareholder or from third persons authorized by the Shareholder, or from the company "Hellenic Central Securities Depository S.A.".
ΙΙΙ. Why do we collect your data and how do we process them?
Personal data collected in the way described above, in accordance with the applicable legal and regulatory framework, are processed for the following purposes:
To identify the Shareholder.
To communicate with the Shareholder.
To verify the correctness and legality of exercising Shareholders' rights according to the relative legislation and regulatory framework (i.e. participation in the General Meeting, exercise of the voting right in the General Meeting, drawing up a shareholders' list, keeping minutes of the General Meeting, participation in corporate actions, etc.).
To fulfil the Company's obligations towards its shareholders (i.e. dividend distribution).
To fulfill and defend the Company's legal rights and interests in case of possible legal claims of the Company.
To keep an archive of the Company's shareholders.
The aforementioned purposes of personal data processing may be based on more than one legal bases. Specifically, the processing is necessary for compliance with legal obligation to which the Company is subject (mainly points a, b, c, and d), for the purposes of the legitimate interests pursued by the Company (mainly points e, g and f) and in order to fulfill its obligations to its shareholders (mainly points a, b, c, and d).
IV. Who are the data recipients?
The Company's employees who are responsible for Shareholders' identification and for reviewing the lawful exercise of their rights.
Natural persons and legal entities, to which the Company assigns the execution of certain tasks on its behalf under the condition of confidentiality, such as, inter alia, database management companies, file storage and recordkeeping companies, postal services providers, providers of services related to the development, maintenance and customization of IT applications, e-mail services providers, companies providing webhosting services (including cloud services) lawyers, law firms, chartered accountants or audit firms.
The company "Hellenic Central Securities Depository S.A."
Supervisory, audit, independent, judicial, public and/or other authorities and bodies within the scope of their statutory tasks, duties and powers (i.e. Hellenic Capital Market Commission, Financial and Economic Crime Unit, Greek Financial Intelligence Unit).
Other shareholders, as appropriate, in accordance with the law.
Are the data transferred outside the European Economic Area (E.E.A.) or to international organizations? The Company does not currently transfer any personal data to any third country or international organization..
In case the transfer of any Shareholders' personal data to countries outside the E.E.A. (third countries) or in international organizations is required for one of the following reasons, this is done to the extent that the European Commission has issued an implementing act to the effect that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection of personal data or if appropriate guarantees have been provided from the recipient, according to the European Union and/or Greek legislation. Shareholders' personal data transfer to third countries, outside the E.E.A., may take place under the following circumstances:
when the Shareholder has been specifically informed and has given her/his express consent to the Company, provided also that the other conditions laid down in the legislative framework are met,
where the transfer is necessary for the execution of contractual obligations,
where the transfer is necessary for the establishment, exercise or support of legal claims or the defense of the Company's legal rights,
where the transfer is necessary under a statutory provision or a transnational convention or an international convention, or
for the purposes of the Company's compliance with rules relating to automatic exchange of information in the taxation area, as those are provided for by the statutory and regulatory framework.
In order to fulfill the obligations under points d or e above, the Company may transfer shareholder's personal data to the competent national authorities, in order for them to forward these data to the relevant authorities of third countries.
VI. For how long are the data retained?
The personal data will be stored by the Company for the period of time required by law or according to the legal basis for the retention of the personal data relevant to their processing purpose, as well as for the necessary period of time required by the legal and/or regulatory framework in force or for the time required for the Company to exercise its claims and defend its rights and legal interests.
VII. What rights does the shareholder has for the protection of her/his personal data?
According to GDPR, the personal data subject has the following rights, which may be exercised on case by case basis:
To know which personal data, concerning her/him, are being stored and processed by the Company, as well as their source (right of access).
To request for the rectification and/or supplementation of this personal data, so as to be complete and accurate, by submitting any necessary document which shows the need for supplementation or rectification (right to rectification). This is at the same time a Shareholder's obligation.
To request the restriction of processing concerning her/his personal data (right to restriction of processing).
To deny and/ or object to any further processing of her/his personal data retained by the Company (right to object).
To request for deletion of her/his personal data from the Company's records (right to be forgotten).
To request for the transfer of the data she/he has provided to the Company to another controller (right to data portability).
The Company has, in any case, the right to refuse the satisfaction of Shareholder's request if, indicatively, the personal data processing is necessary for the retention of subject's capacity as a Shareholder and/or the possession of her/his voting right, for the exercise of her/his rights as the Company's Shareholder or as person having voting right, as well as in case they are necessary for the establishment, exercise or defense of the Company's rights, the compliance of the Company with its legal obligations or the fulfilment of the Company's obligations towards its shareholders.
The Company reserves in any case the right to deny the deletion of Shareholder's personal data if such personal data is essential for the purposes of maintaining the archive of the Company's shareholders (pursuant to the aforementioned Section III.f), as well as in any case their processing or retention is necessary for the establishment, the exercise and the defense of the Company's legal rights or the fulfillment of the Company's obligations.
The exercise of the right to data portability (point f above) does not imply the deletion of data from the Company's records.
VIIΙ. How can the shareholder exercise her/his rights?
In order to exercise her/his rights, the Shareholder may address the Company:
In writing to: Fourlis Holdings S.A.
18-20 Sorou street, Building A', Marousi, 15125 c/o: Data Protection Officer
Through email to Company's Data Protection Officer to:email@example.com
The Company shall use its best endeavors to address the shareholders' request within thirty (30) days of its
receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary according to the discretion of the Company, taking into account the complexity of the issue and the number of the pending requests. The Company shall inform the Shareholder within thirty (30) days after receipt of her/his request in any case of prolongation of the abovementioned period, stating the reasons of such prolongation.
If the Company does not take action in relation to Shareholder's request, it shall inform the Shareholder without delay and within thirty (30) days of the receipt of her/his request at the latest, for the reasons it did not take action and for the possibility of the shareholder to submit a complaint and initiate judicial proceedings.
The abovementioned service is provided free of charge. However, in case the requests are obviously unfounded and/or are repeated and/or excessive, a reasonable fee may be imposed after the Shareholder has been informed accordingly, or the Company may refuse to respond to such requests.
ΙΧ. How are the shareholder's rights protected?
The Company applies an information security management system to ensure the confidentiality and security of the shareholders' data processing and the protection of personal data against accidental or unfair destruction, loss, alteration, unauthorized disclosure or access and any other form of unfair processing.
Χ. Complaints submission
The Shareholder has the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to their personal data processing, when she/he assumes that her/his rights are infringed in any way, as well as the right to initiate judicial proceedings.
Fourlis Holdings S.A.
Address: 18-20 Sorou street, Building A, Marousi, 15125 Athens
Contact phone number: +30 210 629 3000
ΙΙ. Data Protection Officer
Address: 18-20 Sorou street, Building A, Marousi, 15125 Athens
This is an excerpt of the original content. To continue reading it, access the original document here.